Deciding Hyperproperties


Deciding Hyperproperties
Bernd Finkbeiner and Christopher Hahn
Reactive Systems Group, Saarland University, Germany
Highlights of Logic, Games and Automata, Brussels, 06.-09. September 2016

Information Leakage
Heartbleed - 4.5m patients' information leaked
Goto Fail - encryption of >300m devices broken
Shellshock - web servers attackable for 22 years

HyperLTL - A Logic for Information-flow Control [Clarkson, Finkbeiner, Koleini, Micinski, Rabe, Sánchez, 14]
Observational Determinism: the program appears deterministic to low-security users.
∀π. ∀π'. (I_π = I_π') → □(O_π = O_π')
Generalized Noninterference: ... additionally, low-security outputs may not be altered by the injection of high-security inputs; for every pair of traces there must be a third trace that combines the high inputs of the first with the low outputs of the second.
∀π. ∀π'. ∃π''. □(HighI_π = HighI_π'') ∧ □(O_π' = O_π'')

HyperLTL - An Extension of LTL
LTL: logical connectives ¬, ∧; temporal connectives □ (globally), ○ (next).
… is satisfied by {a}^ω as well as by {a, b}^ω; … is unsatisfiable.
HyperLTL = LTL + explicit trace quantifiers.
Observational Determinism: ∀π. ∀π'. (I_π = I_π') → □(O_π = O_π')
π. π'. … a_π … b_π' is satisfiable by the trace set {{a}^ω, {b}^ω}.
An LTL formula defines a set of computation traces (a trace property); a HyperLTL formula defines a set of sets of computation traces (a hyperproperty).

Satisfiability of HyperLTL
Definition (HyperLTL-SAT). Let φ be a HyperLTL formula. HyperLTL-SAT is the problem of deciding whether there exists a non-empty trace set T satisfying φ.
Example (application): two versions of Observational Determinism:
(1) ∀π. ∀π'. (I_π = I_π') → □(O_π = O_π')
(2) ∀π. ∀π'. □(I_π = I_π') → □(O_π = O_π')
Which variation is stronger? The first: its antecedent only asks for agreement on the initial inputs, so it constrains every pair of traces that the second constrains and more; (1) implies (2), and deciding such implications is what satisfiability checking for HyperLTL buys.

Challenge
LTL satisfiability solving: translate the LTL formula into a Büchi automaton, then check the automaton for emptiness. PSPACE-complete.
HyperLTL satisfiability solving: a hyperproperty is a set of trace sets and is not necessarily ω-regular, so the standard automata-theoretic approach cannot be applied directly.

Key Results [Finkbeiner, H., 16]
HyperLTL-SAT is PSPACE-complete for alternation-free (∃* and ∀*) formulas.
HyperLTL-SAT is EXPSPACE-complete for ∃*∀* formulas.
HyperLTL-SAT is undecidable for ∀∃ formulas.

Outline - Solving HyperLTL-SAT
1. Alternation-free fragments (∃* and ∀*)
2. Alternation starting with an existential quantifier (∃*∀*)
3. Alternation starting with a universal quantifier (∀∃)

Existential Fragment
Theorem: ∃*-HyperLTL-SAT is PSPACE-complete.
Example: ∃π0. ∃π1. □(a_π0 ∧ b_π0 ∧ c_π0 ∧ a_π1 ∧ ¬c_π1)
Idea: replace the indexed atomic propositions with fresh atomic propositions and solve the resulting LTL formula: □(a_0 ∧ b_0 ∧ c_0 ∧ a_1 ∧ ¬c_1).
A satisfying LTL trace t = {a_0, b_0, c_0, a_1}^ω is split back into one trace per existential variable: T = {{a, b, c}^ω, {a}^ω}.

Universal Fragment
Theorem: ∀*-HyperLTL-SAT is PSPACE-complete.
Example: ∀π. ∀π'. □(a_π ∧ ¬a_π') is unsatisfiable (instantiate both variables with the same trace t).
Idea: discard the indexes from the indexed propositions. A ∀* formula that holds for T holds for every non-empty subset of T, so it is satisfiable iff some singleton {t} satisfies it, i.e. iff the LTL formula obtained by dropping the indexes is satisfiable.


∃*∀*-HyperLTL-SAT
Lemma: for every HyperLTL formula ∃π1 … πn. ∀π'1 … π'm. φ there exists an equisatisfiable ∃*-HyperLTL formula.
Example: ∃π0. ∃π1. ∀π'0. ∀π'1. (a_π'0 ∧ b_π'1) ∧ (c_π0 ∧ d_π1)
Idea: unroll the universal quantifiers. A model of an ∃*∀* formula can be shrunk to the witnesses chosen for the existential quantifiers, so the universal variables only need to range over those witnesses:
∃π0. ∃π1. ((a_π0 ∧ b_π0) ∧ (c_π0 ∧ d_π1)) ∧ ((a_π1 ∧ b_π0) ∧ (c_π0 ∧ d_π1)) ∧ ((a_π0 ∧ b_π1) ∧ (c_π0 ∧ d_π1)) ∧ ((a_π1 ∧ b_π1) ∧ (c_π0 ∧ d_π1))

Complexity of ∃*∀*-HyperLTL-SAT
Theorem: let n be the number of existential quantifiers and m the number of universal quantifiers. ∃*∀*-HyperLTL-SAT is EXPSPACE-complete.
Unrolling results in a formula of size O(n^m), which is then solved as an ∃* formula.
Hardness follows from an encoding of an EXPSPACE-bounded Turing machine in this fragment.
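The three reductions from the fragment slides (∃*: fresh propositions and splitting the LTL model back into a trace set; ∀*: drop the indexes; ∃*∀*: unroll the universal quantifiers over the existential witnesses), as an added example that is not the authors' code. It is purely syntactic: producing the equisatisfiable LTL formula is the step the slides describe, and an LTL satisfiability solver (not included here) would then decide it. The tuple AST, the fresh proposition names a@π and the ∀* example formula are my choices.

```python
"""Syntactic reductions behind the decidable HyperLTL fragments (added example).
Formula ASTs are tuples: ('ap', a, π) for a_π, ('not', f), ('and', f, g),
('or', f, g), ('next', f), ('glob', f), ('fin', f), ('until', f, g), and
('forall' | 'exists', π, f) in the quantifier prefix."""
from itertools import product

SYM1 = {'not': '¬', 'next': '○', 'glob': '□', 'fin': '◇'}
SYM2 = {'and': '∧', 'or': '∨', 'until': 'U'}

def show(f):
    """Pretty-print a HyperLTL or LTL AST (LTL atoms are 2-tuples ('ap', name))."""
    op = f[0]
    if op == 'ap':    return f'{f[1]}_{f[2]}' if len(f) == 3 else f[1]
    if op == 'true':  return 'true'
    if op in ('forall', 'exists'):
        return ('∀' if op == 'forall' else '∃') + f'{f[1]}. ' + show(f[2])
    if op in SYM1:    return SYM1[op] + show(f[1])
    return '(' + show(f[1]) + ' ' + SYM2[op] + ' ' + show(f[2]) + ')'

def split_prefix(f):
    """[(quantifier, variable), ...] and the quantifier-free body."""
    prefix = []
    while f[0] in ('forall', 'exists'):
        prefix.append((f[0], f[1]))
        f = f[2]
    return prefix, f

def map_atoms(f, fn):
    """Rebuild a quantifier-free formula, applying fn(a, π) to every indexed atom a_π."""
    if f[0] == 'ap':
        return fn(f[1], f[2])
    return (f[0],) + tuple(map_atoms(g, fn) for g in f[1:])

# 1. ∃*∀* -> ∃*: unroll the universal quantifiers over the existential witnesses.
def instantiate(f):
    """Existential variables and the n^m instances of the body, one per
    assignment of the m universal variables to the n existential ones."""
    prefix, body = split_prefix(f)
    n = sum(1 for q, _ in prefix if q == 'exists')
    ex, un = [v for _, v in prefix[:n]], [v for _, v in prefix[n:]]
    if not ex or any(q != 'exists' for q, _ in prefix[:n]) or any(q != 'forall' for q, _ in prefix[n:]):
        raise ValueError('expects a prefix of the form ∃*∀* with at least one ∃')
    return ex, [map_atoms(body, lambda a, v, s=dict(zip(un, choice)): ('ap', a, s.get(v, v)))
                for choice in product(ex, repeat=len(un))]

def unroll_universals(f):
    """∃π1..πn ∀π'1..π'm. ψ  ↦  ∃π1..πn. ∧_σ ψ[σ]  (equisatisfiable, no alternation)."""
    ex, insts = instantiate(f)
    result = insts[0]
    for inst in insts[1:]:
        result = ('and', result, inst)
    for v in reversed(ex):
        result = ('exists', v, result)
    return result

# 2. ∃* -> LTL: a_π becomes the fresh proposition a@π; an LTL model is split back into a trace set.
def existential_to_ltl(f):
    prefix, body = split_prefix(f)
    if any(q != 'exists' for q, _ in prefix):
        raise ValueError('expects an ∃* formula')
    return map_atoms(body, lambda a, v: ('ap', f'{a}@{v}'))

def split_trace(t, variables):
    """t: list of positions, each a frozenset of fresh propositions a@π.
    Returns one trace per variable: a@π at position i becomes a at position i of π's trace."""
    return {v: tuple(frozenset(p.split('@')[0] for p in pos if p.endswith('@' + v)) for pos in t)
            for v in variables}

# 3. ∀* -> LTL: drop the indexes. ∀* formulas are closed under non-empty subsets of
# the model, so they are satisfiable iff a singleton {t} satisfies them.
def universal_to_ltl(f):
    prefix, body = split_prefix(f)
    if any(q != 'forall' for q, _ in prefix):
        raise ValueError('expects a ∀* formula')
    return map_atoms(body, lambda a, v: ('ap', a))

# The ∃*∀* example from the slides: ∃π0 ∃π1 ∀π0' ∀π1'. (a_π0' ∧ b_π1') ∧ (c_π0 ∧ d_π1)
EXAMPLE = ('exists', 'π0', ('exists', 'π1', ('forall', "π0'", ('forall', "π1'",
           ('and', ('and', ('ap', 'a', "π0'"), ('ap', 'b', "π1'")),
                   ('and', ('ap', 'c', 'π0'), ('ap', 'd', 'π1')))))))

if __name__ == '__main__':
    unrolled = unroll_universals(EXAMPLE)
    print(show(unrolled))                       # 4 = 2^2 conjuncts, prefix ∃π0. ∃π1.
    print(show(existential_to_ltl(unrolled)))   # plain LTL over propositions like a@π0
    # the ∃* example from the slides: t = {a0, b0, c0, a1}^ω gives T = {{a,b,c}^ω, {a}^ω}
    print(split_trace([frozenset({'a@π0', 'b@π0', 'c@π0', 'a@π1'})], ['π0', 'π1']))
    # my ∀* example: ∀π ∀π'. □(a_π ∧ ¬a_π') reduces to the unsatisfiable □(a ∧ ¬a)
    print(show(universal_to_ltl(('forall', 'π', ('forall', "π'",
          ('glob', ('and', ('ap', 'a', 'π'), ('not', ('ap', 'a', "π'")))))))))
```

The unrolling is where the EXPSPACE bound comes from: with m universal quantifiers over n witnesses the conjunction has n^m instances, so bounding m keeps the reduction polynomial, which is the bounded case on the next slide.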

∃*∀*-HyperLTL-SAT with a bounded number of universal quantifiers
Theorem: bounded ∃*∀*-HyperLTL-SAT is PSPACE-complete (the unrolled formula has polynomial size when m is fixed).
Observation: in practice, many properties of interest quantify universally over pairs of traces:
∀π. ∀π'. (I_π = I_π') → □(O_π = O_π')
∀π. ∀π'. □(I_π = I_π') → □(O_π = O_π')
∀π. ∀π'. ∃π''. □(HighI_π = HighI_π'') ∧ □(O_π' = O_π'')


The Power of ∀∃ - Encoding of PCP
One can give a ∀∃ HyperLTL formula that is only satisfied by infinite trace sets:
∀π. ∃π'. … a_π … (1) ∧ (… a_π … a_π' …) (2) ∧ (… a_π … a_π' …) (3)
The same pattern, "for every trace there exists another trace", encodes Post's Correspondence Problem (PCP) in this fragment: the formula is satisfiable iff the PCP instance has a solution.
Theorem: ∀∃-HyperLTL-SAT is undecidable.

Summary & Conclusion
∃*: PSPACE-complete
∀*: PSPACE-complete
∃*∀* with a bounded number of universal quantifiers: PSPACE-complete
∃*∀*: EXPSPACE-complete
∀∃: undecidable
Satisfiability of alternation-free formulas is decidable.
Implication and equivalence of alternation-free formulas are decidable (the negation of such an implication is an ∃*∀* formula).
The full logic is undecidable: HyperLTL is much more powerful than LTL.
Christopher Hahn: hahn@react.uni-saarland.de

Appendix

Bibliography
[Clarkson, Schneider, 10] Clarkson, M. R., and F. B. Schneider. "Hyperproperties." Journal of Computer Security 18.6 (2010): 1157-1210.
[Clarkson, Finkbeiner, Koleini, Micinski, Rabe, Sánchez, 14] Clarkson, M. R., Finkbeiner, B., Koleini, M., Micinski, K. K., Rabe, M. N., and Sánchez, C. (2014). Temporal logics for hyperproperties. In International Conference on Principles of Security and Trust (POST), pp. 265-284.
[Finkbeiner, H., 16] Bernd Finkbeiner and Christopher Hahn. Deciding hyperproperties. In International Conference on Concurrency Theory (CONCUR), 2016.
Picture: http://russiinsider.com/sites/insider/files/20110226_d001_0.jpg

HyperLTL Syntax
ψ ::= ∃π. ψ | ∀π. ψ | φ
φ ::= a_π | ¬φ | φ ∨ φ | ○φ | φ U φ
A quantifier prefix with arbitrary alternation, then a quantifier-free LTL formula over trace variables. ∧, →, ◇, □ are derived in the usual way. X_π = X_π' is syntactic sugar for ∧_{x∈X} (x_π ↔ x_π').
Example: all executions have the light on at the same time. ∀π. ∀π'. □(a_π ↔ a_π')

HyperLTL Semantics
Semantics w.r.t. a trace environment Π: Var → TR (TR the set of infinite traces):
Π ⊨_T ∀π. φ iff for all t ∈ T: Π[π ↦ t] ⊨_T φ
Π ⊨_T ∃π. φ iff for some t ∈ T: Π[π ↦ t] ⊨_T φ
Π ⊨_T a_π iff a ∈ Π(π)[0]
Π ⊨_T □φ iff for all i ≥ 0: Π[i, ∞] ⊨_T φ
Example: all executions have the light on at the same time. ∀π. ∀π'. □(a_π ↔ a_π')
1. {π ↦ t} ⊨_T ∀π'. □(...)
2. {π ↦ t, π' ↦ t'} ⊨_T □(...)
3. for all i ≥ 0: {π ↦ t[i, ∞], π' ↦ t'[i, ∞]} ⊨_T a_π ↔ a_π'
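The semantics above run on concrete trace sets, as an added example that is not part of the slides (my code): it implements Π ⊨_T for a finite set of lasso-shaped traces and checks the two observational-determinism variants from the "Which variation is stronger?" slide, plus generalized noninterference, on constructed trace sets. The proposition names i, o, h, the lasso representation prefix·loop^ω and the trace sets are my assumptions.

```python
"""HyperLTL model checking over a finite set T of ultimately periodic traces
(added example).  A trace is (prefix, loop), two tuples of frozensets of
propositions, denoting the infinite word prefix·loop^ω."""
from functools import reduce
from math import lcm

# --- formula AST (tuples) --------------------------------------------------
def ap(a, var):      return ('ap', a, var)            # a_π
def neg(f):          return ('not', f)
def conj(*fs):       return reduce(lambda x, y: ('and', x, y), fs)
def impl(f, g):      return ('or', ('not', f), g)
def iff(f, g):       return ('and', impl(f, g), impl(g, f))
def glob(f):         return ('glob', f)               # □φ
def forall(v, f):    return ('forall', v, f)
def exists(v, f):    return ('exists', v, f)
def equal(aps, v1, v2):
    """X_π = X_π', the syntactic sugar from the slides: ∧_{x∈X}(x_π ↔ x_π')."""
    return conj(*(iff(ap(x, v1), ap(x, v2)) for x in aps))

# --- traces ----------------------------------------------------------------
def lasso(prefix, loop):
    """Each position is written as the string of propositions holding there:
    'io' = {i, o}, '' = {}."""
    return (tuple(frozenset(p) for p in prefix), tuple(frozenset(p) for p in loop))

def label(trace, i):
    prefix, loop = trace
    return prefix[i] if i < len(prefix) else loop[(i - len(prefix)) % len(loop)]

def lasso_shape(T):
    """Every trace in T is periodic with period L after position P, so the
    positions 0..P+L-1 (P+L-1 looping back to P) represent all suffixes."""
    P = max(len(p) for p, _ in T)
    L = lcm(*(len(l) for _, l in T))
    return P, L

# --- semantics -------------------------------------------------------------
def holds(f, env, i, P, L):
    """Π[i,∞] ⊨ f for a quantifier-free f; env is the trace environment Π."""
    N = P + L
    succ = lambda j: j + 1 if j + 1 < N else P
    op = f[0]
    if op == 'ap':    return f[1] in label(env[f[2]], i)        # a ∈ Π(π)[i]
    if op == 'true':  return True
    if op == 'not':   return not holds(f[1], env, i, P, L)
    if op == 'and':   return holds(f[1], env, i, P, L) and holds(f[2], env, i, P, L)
    if op == 'or':    return holds(f[1], env, i, P, L) or holds(f[2], env, i, P, L)
    if op == 'next':  return holds(f[1], env, succ(i), P, L)
    if op == 'until':          # walk the lasso: N steps visit every position reachable from i
        j = i
        for _ in range(N):
            if holds(f[2], env, j, P, L):
                return True
            if not holds(f[1], env, j, P, L):
                return False
            j = succ(j)
        return False
    if op == 'glob':  return not holds(('until', ('true',), ('not', f[1])), env, i, P, L)  # □φ = ¬(true U ¬φ)
    if op == 'fin':   return holds(('until', ('true',), f[1]), env, i, P, L)
    raise ValueError(op)

def satisfies(T, f, env=None):
    """T ⊨ f: quantifiers range over T, then the body is checked at position 0."""
    env = env or {}
    if f[0] == 'forall':
        return all(satisfies(T, f[2], {**env, f[1]: t}) for t in T)
    if f[0] == 'exists':
        return any(satisfies(T, f[2], {**env, f[1]: t}) for t in T)
    P, L = lasso_shape(T)
    return holds(f, env, 0, P, L)

# --- the properties from the slides (proposition names assumed) ------------
I, O, H = ['i'], ['o'], ['h']          # low input, low output, high input
OD_INIT = forall('p', forall('q', impl(equal(I, 'p', 'q'), glob(equal(O, 'p', 'q')))))
OD_ALL  = forall('p', forall('q', impl(glob(equal(I, 'p', 'q')), glob(equal(O, 'p', 'q')))))
GNI     = forall('p', forall('q', exists('r', conj(glob(equal(H, 'p', 'r')), glob(equal(O, 'q', 'r'))))))

# constructed trace sets
T_ECHO = [lasso([], ['io']), lasso([], ['']), lasso(['io'], [''])]   # o copies i at every step
T_LEAK = [lasso([], ['io']), lasso([], ['i'])]                        # same input, different output
T_GNI  = [lasso([], [s]) for s in ('hio', 'h', 'io', '')]             # every (h, i) combination, o = i

if __name__ == '__main__':
    for name, T in (('T_ECHO', T_ECHO), ('T_LEAK', T_LEAK)):
        print(name, 'OD_INIT:', satisfies(T, OD_INIT), 'OD_ALL:', satisfies(T, OD_ALL))
    print('T_GNI GNI:', satisfies(T_GNI, GNI), ' without {h,i,o}:', satisfies(T_GNI[1:], GNI))
```

Running it shows the concrete sense in which the first variant is stronger: T_ECHO satisfies OD_ALL but violates OD_INIT, because two of its traces agree on the initial input and then diverge in output once their inputs diverge; T_LEAK violates both; and dropping the {h, i, o} trace from T_GNI removes the ∃π'' witness that generalized noninterference needs. This is model checking against a given finite set, not satisfiability: the quantifiers range over the traces supplied.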

Encoding of Post's Correspondence Problem
Example PCP instance: stones I, II, III, each carrying a top word and a bottom word. A solution is a non-empty sequence of stones whose concatenated top words equal the concatenated bottom words.
Example PCP solution: III II III I
HyperLTL encoding:
1. There exists a solution trace π_s on which the top row matches the bottom row.
2. Every trace starts with a valid stone.
3. For every trace, there exists another trace that is the same stone sequence without its first stone.
Condition 3 is the ∀∃ pattern; unwinding it from π_s forces every suffix of the stone sequence into the trace set:
π_s: III II III I …
π_s': II III I …
π_s'': III I …
π_s''': I …
Condition 2 checks each stone locally on the trace that starts with it, so a model exists exactly when the instance has a solution, and ∀∃-HyperLTL-SAT inherits the undecidability of PCP.